ci starts bisection 2022-07-30 05:35:33.233571761 +0000 UTC m=+67717.402056017 bisecting cause commit starting from 6e2c0490769ef8a95b61304389116ccc85c53e12 building syzkaller on fef302b1a60baa1f93300b6744d9e08788133e77 testing commit 6e2c0490769ef8a95b61304389116ccc85c53e12 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 99e9295928628453d3964faa3bebc400ef71eccd05f826187d34a608f92bbbba run #0: crashed: INFO: rcu detected stall in corrupted run #1: crashed: INFO: rcu detected stall in dummy_timer run #2: crashed: INFO: rcu detected stall in corrupted run #3: crashed: INFO: rcu detected stall in dummy_timer run #4: crashed: INFO: rcu detected stall in corrupted run #5: crashed: INFO: rcu detected stall in corrupted run #6: crashed: INFO: rcu detected stall in corrupted run #7: crashed: INFO: rcu detected stall in corrupted run #8: crashed: INFO: rcu detected stall in dummy_timer run #9: crashed: INFO: rcu detected stall in corrupted run #10: crashed: INFO: rcu detected stall in dummy_timer run #11: crashed: INFO: rcu detected stall in corrupted run #12: OK run #13: OK run #14: OK run #15: crashed: INFO: rcu detected stall in corrupted run #16: OK run #17: OK run #18: OK run #19: OK testing release v5.18 testing commit 4b0986a3613c92f4ec1bdc7f60ec66fea135991f compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f90bb7dfbcd3ac5155c3c8efb5eb5c187f22f6aa4cfbf2fb72bf6c19283abae8 all runs: OK # git bisect start 6e2c0490769ef8a95b61304389116ccc85c53e12 4b0986a3613c92f4ec1bdc7f60ec66fea135991f Bisecting: 8429 revisions left to test after this (roughly 13 steps) [c011dd537ffe47462051930413fed07dbdc80313] Merge tag 'arm-soc-5.19' of git://git.kernel.org/pub/scm/linux/kernel/git/soc/soc testing commit c011dd537ffe47462051930413fed07dbdc80313 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 335fea2c2fda557d4a1b5bc311f7a6d59ae923044b18f51d8dc56ca48547f936 all runs: OK # git bisect good c011dd537ffe47462051930413fed07dbdc80313 Bisecting: 4217 revisions left to test after this (roughly 12 steps) [cf67838c4422eab826679b076dad99f96152b4de] selftests net: fix bpf build error testing commit cf67838c4422eab826679b076dad99f96152b4de compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: cbbdfdcfbd7b997a9f2d9c2ee0ab273422a7995471c2f671d1b9688040ed97a4 all runs: OK # git bisect good cf67838c4422eab826679b076dad99f96152b4de Bisecting: 2108 revisions left to test after this (roughly 11 steps) [90add6d418d02991380595bdbc307e05410af638] Merge tag 'for-5.19/dm-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm testing commit 90add6d418d02991380595bdbc307e05410af638 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 0b33114a4fd13cf3d468e618fb667143ef66a9bb8551165f1093c16c2b02f019 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: EOF run #1: boot failed: INFO: task hung in add_early_randomness run #2: crashed: KASAN: use-after-free Read in driver_register run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: crashed: KASAN: use-after-free Read in driver_register run #8: OK run #9: OK # git bisect bad 90add6d418d02991380595bdbc307e05410af638 Bisecting: 1078 revisions left to test after this (roughly 10 steps) [54c2cc79194c961a213c1d375fe3aa4165664cc4] Merge tag 'usb-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb testing commit 54c2cc79194c961a213c1d375fe3aa4165664cc4 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 506a770f2d3e461c235acb3f131def57893649c511e238dfe56353eff8fa4847 run #0: boot failed: INFO: task hung in add_early_randomness run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: crashed: KASAN: use-after-free Read in driver_register run #6: OK run #7: OK run #8: OK run #9: OK reproducer seems to be flaky # git bisect bad 54c2cc79194c961a213c1d375fe3aa4165664cc4 Bisecting: 664 revisions left to test after this (roughly 9 steps) [6a31a95135da0bb2c5349e49e37d76e9909ab7ea] staging: r8188eu: remove include/rtw_debug.h testing commit 6a31a95135da0bb2c5349e49e37d76e9909ab7ea compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: d82d65eec36eb6d270ac06fb940d21174c309c99ae14a5804e8d3061702c4c07 all runs: OK # git bisect good 6a31a95135da0bb2c5349e49e37d76e9909ab7ea Bisecting: 327 revisions left to test after this (roughly 8 steps) [04d93b2b8bc7a68ec45a6a156f34a611ede5aa60] Merge tag 'spdx-5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/spdx testing commit 04d93b2b8bc7a68ec45a6a156f34a611ede5aa60 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4dd0507a1b1810ba62755f6a0b434999d5d36b969c7a1c48ae0ffcc600a7cd24 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: EOF run #1: boot failed: INFO: task hung in add_early_randomness run #2: boot failed: INFO: task hung in add_early_randomness run #3: boot failed: INFO: task hung in add_early_randomness run #4: boot failed: INFO: task hung in add_early_randomness run #5: boot failed: INFO: task hung in add_early_randomness run #6: boot failed: INFO: task hung in add_early_randomness run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good 04d93b2b8bc7a68ec45a6a156f34a611ede5aa60 Bisecting: 163 revisions left to test after this (roughly 7 steps) [c069d2756c01ed36121fae6a42c14fdf1325c71d] serial: sifive: Sanitize CSIZE and c_iflag testing commit c069d2756c01ed36121fae6a42c14fdf1325c71d compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 2a4bb8d2bff18fc247e83cecac50d430cf18cdf7330a6452c389e238caa79b4d all runs: OK # git bisect good c069d2756c01ed36121fae6a42c14fdf1325c71d Bisecting: 81 revisions left to test after this (roughly 6 steps) [3120aac6d0ecd9accf56894aeac0e265f74d3d5a] usb: dwc2: gadget: don't reset gadget's driver->bus testing commit 3120aac6d0ecd9accf56894aeac0e265f74d3d5a compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 76e5fb91502f4a63c45d1b5b0631066a4f2cf91626c45d9ae15a0d73bf81cc45 all runs: OK # git bisect good 3120aac6d0ecd9accf56894aeac0e265f74d3d5a Bisecting: 40 revisions left to test after this (roughly 5 steps) [0cf1ea040a7e2cae4776216d16d33d3898ea58de] usb: host: xhci-plat: create shared hcd after having added main hcd testing commit 0cf1ea040a7e2cae4776216d16d33d3898ea58de compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: 4ec97a01329feb81d0f98ce21f3575c552dfcc8f8b805998c8339e9eb038d85a all runs: OK # git bisect good 0cf1ea040a7e2cae4776216d16d33d3898ea58de Bisecting: 19 revisions left to test after this (roughly 4 steps) [376d6b02cb08021c0d3679bb53a6d6bf0dac181c] Merge tag 'thunderbolt-for-v5.19-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/westeri/thunderbolt into usb-next testing commit 376d6b02cb08021c0d3679bb53a6d6bf0dac181c compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: e9b5024962b499a5fb685c6735c5056d302bff6174b092ab97b80db365820f82 all runs: OK # git bisect good 376d6b02cb08021c0d3679bb53a6d6bf0dac181c Bisecting: 11 revisions left to test after this (roughly 3 steps) [859bdc359567f5fa8e8dc780d7b5e53ea43d9ce9] usb: dwc3: core: Add error log when core soft reset failed testing commit 859bdc359567f5fa8e8dc780d7b5e53ea43d9ce9 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f82486e29e4c055abccb2120b1e4f57dd1b61725589ea7ff0d34e6be66c502b3 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: EOF run #1: crashed: KASAN: use-after-free Read in driver_register run #2: OK run #3: OK run #4: OK run #5: crashed: KASAN: use-after-free Read in driver_register run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect bad 859bdc359567f5fa8e8dc780d7b5e53ea43d9ce9 Bisecting: 3 revisions left to test after this (roughly 2 steps) [9d778f0c5f95ca5aa2ff628ea281978697e8d89b] usb: dwc3: Fix ep0 handling when getting reset while doing control transfer testing commit 9d778f0c5f95ca5aa2ff628ea281978697e8d89b compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: ff9f92548764062349835fdd49c287a72359acce10782a023970467b21f0e2a3 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: EOF run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good 9d778f0c5f95ca5aa2ff628ea281978697e8d89b Bisecting: 1 revision left to test after this (roughly 1 step) [6c5ba7395b1badce5e0b8e597907751e952646cb] usb: hub: Simplify error and success path in port_over_current_notify testing commit 6c5ba7395b1badce5e0b8e597907751e952646cb compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: bf4caab6a101fb75e654f801a831b420e74ffd8ab2b2e36bb6044ffe820d8738 run #0: basic kernel testing failed: BUG: program execution failed: executor NUM: EOF run #1: OK run #2: OK run #3: OK run #4: OK run #5: OK run #6: OK run #7: OK run #8: OK run #9: OK run #10: OK run #11: OK run #12: OK run #13: OK run #14: OK run #15: OK run #16: OK run #17: OK run #18: OK run #19: OK # git bisect good 6c5ba7395b1badce5e0b8e597907751e952646cb Bisecting: 0 revisions left to test after this (roughly 0 steps) [3c5880745b4439ac64eccdb040e37fc1cc4c5406] usb: dwc3: gadget: Move null pinter check to proper place testing commit 3c5880745b4439ac64eccdb040e37fc1cc4c5406 compiler: gcc (GCC) 10.2.1 20210217, GNU ld (GNU Binutils for Debian) 2.35.2 kernel signature: f4e70b98daaaf504376aec49d975b1a88ab095aa74c5c05f2b7d33d7307259ad all runs: OK # git bisect good 3c5880745b4439ac64eccdb040e37fc1cc4c5406 859bdc359567f5fa8e8dc780d7b5e53ea43d9ce9 is the first bad commit commit 859bdc359567f5fa8e8dc780d7b5e53ea43d9ce9 Author: Mayank Rana Date: Wed May 18 11:12:52 2022 -0700 usb: dwc3: core: Add error log when core soft reset failed DWC3 controller soft reset is important operation for USB functionality. In case when it fails, currently there is no failure log. Hence add error log when core soft reset failed. Signed-off-by: Mayank Rana Link: https://lore.kernel.org/r/1652897572-14461-1-git-send-email-quic_mrana@quicinc.com Signed-off-by: Greg Kroah-Hartman drivers/usb/dwc3/core.c | 1 + 1 file changed, 1 insertion(+) culprit signature: f82486e29e4c055abccb2120b1e4f57dd1b61725589ea7ff0d34e6be66c502b3 parent signature: f4e70b98daaaf504376aec49d975b1a88ab095aa74c5c05f2b7d33d7307259ad Reproducer flagged being flaky revisions tested: 16, total time: 4h50m49.38928409s (build: 1h46m55.006628846s, test: 3h2m17.113290227s) first bad commit: 859bdc359567f5fa8e8dc780d7b5e53ea43d9ce9 usb: dwc3: core: Add error log when core soft reset failed recipients (to): ["balbi@kernel.org" "gregkh@linuxfoundation.org" "gregkh@linuxfoundation.org" "linux-usb@vger.kernel.org" "quic_mrana@quicinc.com"] recipients (cc): ["linux-kernel@vger.kernel.org"] crash: KASAN: use-after-free Read in driver_register ================================================================== BUG: KASAN: use-after-free in driver_find drivers/base/driver.c:223 [inline] BUG: KASAN: use-after-free in driver_register+0x33a/0x380 drivers/base/driver.c:164 Read of size 8 at addr ffff888077fd60c8 by task syz-executor203/15464 CPU: 0 PID: 15464 Comm: syz-executor203 Not tainted 5.18.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/22/2022 Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x57/0x7d lib/dump_stack.c:106 print_address_description.constprop.0.cold+0xeb/0x495 mm/kasan/report.c:313 print_report mm/kasan/report.c:429 [inline] kasan_report.cold+0xf4/0x1c6 mm/kasan/report.c:491 driver_find drivers/base/driver.c:223 [inline] driver_register+0x33a/0x380 drivers/base/driver.c:164 usb_gadget_register_driver_owner+0xe3/0x1f0 drivers/usb/gadget/udc/core.c:1558 raw_ioctl_run drivers/usb/gadget/legacy/raw_gadget.c:513 [inline] raw_ioctl+0x12cb/0x2230 drivers/usb/gadget/legacy/raw_gadget.c:1220 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fcad77740a7 Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 64 47 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 c0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd327d4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ffd327d5090 RCX: 00007fcad77740a7 RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 RBP: 0000000000000000 R08: 000000000000ffff R09: 000000000000000b R10: 00007ffd327d40c0 R11: 0000000000000246 R12: 00007ffd327d4060 R13: 0000000000000000 R14: 00007fcad77e7440 R15: 0000000000000003 Allocated by task 15333: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track mm/kasan/common.c:45 [inline] set_alloc_info mm/kasan/common.c:436 [inline] ____kasan_kmalloc mm/kasan/common.c:515 [inline] ____kasan_kmalloc mm/kasan/common.c:474 [inline] __kasan_kmalloc+0xa9/0xd0 mm/kasan/common.c:524 kmalloc include/linux/slab.h:581 [inline] kzalloc include/linux/slab.h:714 [inline] bus_add_driver+0xb4/0x570 drivers/base/bus.c:602 driver_register+0x20a/0x380 drivers/base/driver.c:171 usb_gadget_register_driver_owner+0xe3/0x1f0 drivers/usb/gadget/udc/core.c:1558 raw_ioctl_run drivers/usb/gadget/legacy/raw_gadget.c:513 [inline] raw_ioctl+0x12cb/0x2230 drivers/usb/gadget/legacy/raw_gadget.c:1220 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae Freed by task 15464: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 kasan_set_track+0x21/0x30 mm/kasan/common.c:45 kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:370 ____kasan_slab_free mm/kasan/common.c:366 [inline] ____kasan_slab_free+0x166/0x1a0 mm/kasan/common.c:328 kasan_slab_free include/linux/kasan.h:200 [inline] slab_free_hook mm/slub.c:1728 [inline] slab_free_freelist_hook+0x8b/0x1c0 mm/slub.c:1754 slab_free mm/slub.c:3510 [inline] kfree+0xd6/0x4d0 mm/slub.c:4552 kobject_cleanup lib/kobject.c:673 [inline] kobject_release lib/kobject.c:704 [inline] kref_put include/linux/kref.h:65 [inline] kobject_put+0x139/0x410 lib/kobject.c:721 driver_find drivers/base/driver.c:221 [inline] driver_register+0x1d2/0x380 drivers/base/driver.c:164 usb_gadget_register_driver_owner+0xe3/0x1f0 drivers/usb/gadget/udc/core.c:1558 raw_ioctl_run drivers/usb/gadget/legacy/raw_gadget.c:513 [inline] raw_ioctl+0x12cb/0x2230 drivers/usb/gadget/legacy/raw_gadget.c:1220 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:870 [inline] __se_sys_ioctl fs/ioctl.c:856 [inline] __x64_sys_ioctl+0x11f/0x190 fs/ioctl.c:856 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae Last potentially related work creation: kasan_save_stack+0x1e/0x40 mm/kasan/common.c:38 __kasan_record_aux_stack+0xbe/0xd0 mm/kasan/generic.c:348 kvfree_call_rcu+0x74/0x990 kernel/rcu/tree.c:3595 inetdev_event+0x6e4/0x11c0 net/ipv4/devinet.c:1590 notifier_call_chain+0x94/0x170 kernel/notifier.c:84 call_netdevice_notifiers_extack net/core/dev.c:1976 [inline] call_netdevice_notifiers net/core/dev.c:1990 [inline] dev_close_many+0x28c/0x560 net/core/dev.c:1538 unregister_netdevice_many+0x36d/0x1650 net/core/dev.c:10722 default_device_exit_batch+0x39f/0x4f0 net/core/dev.c:11241 cleanup_net+0x423/0x980 net/core/net_namespace.c:594 process_one_work+0x865/0x13d0 kernel/workqueue.c:2289 worker_thread+0x598/0xec0 kernel/workqueue.c:2436 kthread+0x299/0x340 kernel/kthread.c:376 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:298 The buggy address belongs to the object at ffff888077fd6000 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 200 bytes inside of 256-byte region [ffff888077fd6000, ffff888077fd6100) The buggy address belongs to the physical page: page:ffffea0001dff580 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x77fd6 head:ffffea0001dff580 order:1 compound_mapcount:0 compound_pincount:0 flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888010841b40 raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected page_owner tracks the page as allocated page last allocated via order 1, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 4039, tgid 4039 (syz-executor.4), ts 75995479337, free_ts 75861789130 prep_new_page mm/page_alloc.c:2441 [inline] get_page_from_freelist+0x178d/0x3dc0 mm/page_alloc.c:4182 __alloc_pages+0x1b2/0x500 mm/page_alloc.c:5408 alloc_slab_page mm/slub.c:1799 [inline] allocate_slab+0x26c/0x3c0 mm/slub.c:1944 new_slab mm/slub.c:2004 [inline] ___slab_alloc+0x8e1/0xf20 mm/slub.c:3005 __slab_alloc.constprop.0+0x4d/0xa0 mm/slub.c:3092 slab_alloc_node mm/slub.c:3183 [inline] slab_alloc mm/slub.c:3225 [inline] kmem_cache_alloc_trace+0x310/0x3f0 mm/slub.c:3256 kmalloc include/linux/slab.h:581 [inline] kzalloc include/linux/slab.h:714 [inline] ____ip_mc_inc_group+0x1a7/0xa10 net/ipv4/igmp.c:1442 __ip_mc_inc_group net/ipv4/igmp.c:1477 [inline] ip_mc_inc_group net/ipv4/igmp.c:1483 [inline] ip_mc_up+0x12d/0x2b0 net/ipv4/igmp.c:1782 inetdev_event+0x1fe/0x11c0 net/ipv4/devinet.c:1579 notifier_call_chain+0x94/0x170 kernel/notifier.c:84 call_netdevice_notifiers_extack net/core/dev.c:1976 [inline] call_netdevice_notifiers net/core/dev.c:1990 [inline] __dev_notify_flags+0xcd/0x220 net/core/dev.c:8471 dev_change_flags+0xf6/0x150 net/core/dev.c:8509 do_setlink+0x81b/0x2da0 net/core/rtnetlink.c:2731 __rtnl_newlink+0xb05/0x13f0 net/core/rtnetlink.c:3416 rtnl_newlink+0x5a/0x90 net/core/rtnetlink.c:3531 rtnetlink_rcv_msg+0x31d/0x8d0 net/core/rtnetlink.c:5993 page last free stack trace: reset_page_owner include/linux/page_owner.h:24 [inline] free_pages_prepare mm/page_alloc.c:1356 [inline] free_pcp_prepare+0x549/0xd20 mm/page_alloc.c:1406 free_unref_page_prepare mm/page_alloc.c:3328 [inline] free_unref_page+0x19/0x6a0 mm/page_alloc.c:3423 __unfreeze_partials+0x17c/0x1a0 mm/slub.c:2523 qlink_free mm/kasan/quarantine.c:157 [inline] qlist_free_all+0x6a/0x170 mm/kasan/quarantine.c:176 kasan_quarantine_reduce+0x180/0x200 mm/kasan/quarantine.c:283 __kasan_slab_alloc+0xa2/0xc0 mm/kasan/common.c:446 kasan_slab_alloc include/linux/kasan.h:224 [inline] slab_post_alloc_hook mm/slab.h:749 [inline] slab_alloc_node mm/slub.c:3217 [inline] kmem_cache_alloc_node+0x255/0x3f0 mm/slub.c:3267 __alloc_skb+0x151/0x270 net/core/skbuff.c:414 alloc_skb include/linux/skbuff.h:1300 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1191 [inline] netlink_sendmsg+0x7f3/0xc20 net/netlink/af_netlink.c:1896 sock_sendmsg_nosec net/socket.c:705 [inline] sock_sendmsg+0xab/0xe0 net/socket.c:725 __sys_sendto+0x19e/0x270 net/socket.c:2040 __do_sys_sendto net/socket.c:2052 [inline] __se_sys_sendto net/socket.c:2048 [inline] __x64_sys_sendto+0xd8/0x1b0 net/socket.c:2048 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x44/0xae Memory state around the buggy address: ffff888077fd5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888077fd6000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb >ffff888077fd6080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888077fd6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888077fd6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ==================================================================